Privacy compliance is an on-going obligation


The first year's application of the federal privacy legislation to private business has produced an interesting overview of the areas of primary concern for privacy compliance.

 
Statistics (covering 21 December 2001-21 December 2002) from the Office of the Federal Privacy Commissioner show that one-quarter of all complaints relate to improper disclosure.
 
Disclosure breaches are fundamental, in that the legislation is designed to prevent precisely this activity.
 
The tabulated summary of complaints is set out below.
 
National Privacy Principle Complaints handled by the Office of the Federal Privacy Commissioner by issue type (21 Dec 2001 - 31 Dec 2002)

| NPP | Issue | Number | Percentage |
|---|---|---|---|
| NPP 8 | anonymity not offered | 1 | 0.1 |
| NPP 1.5 | inadequate notice | 2 | 0.3 |
| NPP 2.1 | health information | 2 | 0.3 |
| NPP 9 | transborder issues | 3 | 0.4 |
| NPP 6.4 | excessive charges / request fee | 6 | 0.8 |
| NPP 5 | openness issues | 7 | 1.0 |
| NPP 1.3 | insufficient notice | 12 | 1.7 |
| NPP 10 | sensitive information collection | 13 | 1.8 |
| NPP 1.3 | bundled consent form | 15 | 2.1 |
| NPP 2.1 | spam | 30 | 4.2 |
| NPP 1.2 | unlawful / unfair collection | 46 | 6.5 |
| NPP 2.1 | improper use | 46 | 6.5 |
| NPP 1.1 | unnecessary collection | 48 | 6.7 |
| NPP 2.1 | direct marketing | 58 | 8.1 |
| NPP 4 | data security issues | 58 | 8.1 |
| NPP 3 | data quality issues | 60 | 8.4 |
| NPP 6.1 | refused access - health records | 63 | 8.8 |
| NPP 6.1 | refused access (non health) | 68 | 9.5 |
| NPP 2.1 | improper disclosure | 175 | 24.5 |


To counter improper disclosure, there would seem to be a clear need for education of all persons working in business (and particularly those handling sensitive information) who have access to information about individuals. Having policies and procedures in place is of little use if the staff doing the work are not aware of what amounts to a breach of privacy and how they should treat and store personal information.
 
Training on the basic concepts and appropriate methods and procedures can be achieved in short training sessions. WorkplaceInfo has published a CD on privacy law compliance. A very helpful aspect of this comprehensive CD is a training session (PowerPoint) that enables businesses to bring their staff up to speed with privacy law compliance.
 
Health service providers need to pay special attention
 
A section of the Privacy Commissioner's site contains information for health service providers regarding their obligations under the federal Privacy Act.
 
From 21 December 2001 health service providers covered by the federal Privacy Act have needed to comply with ten National Privacy Principles that allow for individuals to exercise new rights and choices about how their personal and health information is handled in the private health sector. The Act also gives people these rights over personal information held by other private sector organisations.
 
To assist health service providers in the private sector to understand their new obligations, the Office of the Federal Privacy Commissioner has produced Guidelines on Privacy in the Private Health Sector, a Short Guide for the private health sector, and other helpful information on its website.
 
21 December 2002 - the date some small businesses came under the privacy legislation regime
 
From 21 December 2002 some small businesses with an annual turnover of $3m or less became covered by the Privacy Act.
 
WorkplaceInfo has kept subscribers informed of these changes as that date loomed.
 
There is now a very useful Snapshot of the Privacy Act for Small Business on the Privacy Commissioner's site.
 